The article was first available on The New Stack - read it here.
Decoupling is a powerful tool that can help alleviate many issues arising from the ever-growing complexity of modern software. To maintain a high level of performance in such feature-rich applications, you might consider breaking the application up into different services that talk to one another — that is, decoupling your application’s components.
Decoupling components via services enables you to deal with performance issues, cost optimization and feature development separately for each of your application’s functionalities. Decoupling also minimizes the risk of failure of one component affecting other components, resulting in a graceful degradation of services that can significantly enhance user experience. In fast-paced environments, decoupling has a lot to offer regarding software development, debugging, cost optimization, testing and more.
Let’s look at the basics of decoupling, how decoupling can help you write better software and what to look for when identifying components for decoupling.
Unlike traditional architectures, with their monolithic design and tightly coupled functions and features, decoupling describes the process of removing direct dependence between two or more components, services or systems. Moving away from tightly coupled design patterns helps ensure a rapid development life cycle and easier code maintenance to keep up with the market’s demands.
Imagine a typical e-commerce web application with functionalities like registering and signing in users, listing inventory, taking orders, assigning deliveries, accepting payments and so on. In a monolithic architecture, all these features and functionalities are merged into a single executable. In such a scenario, the only way to deploy changes to a feature would be to deploy the entire application. Decoupled architectures, however, work with services and components.
A decoupled architecture for the same e-commerce application might have different services for payments, registration, fulfillment, etc. Some core services, such as authorization, can be outsourced to a third-party component. This gives you tremendous flexibility and freedom to develop your application based on your unique needs and priorities.
A decoupled system allows you to rapidly architect, develop, test and deploy features. When building new features in a decoupled design, you can independently test and deploy the service without deploying all the other components, enabling most applications to function correctly. This allows for easy and continuous composition and deployment of application services.
Decoupling is at play, by default, when you interact with external services and products. To make your application decoupled, you need to structure its components to follow the same communication principles that help your application interact with external services. API-driven development and discoverable services are at the core of a decoupled system. This structure allows for the use of third-party products, freeing up your engineering team’s time for in-house development.
Finally, to securely and reliably bind these different components of your application together, you need identity and access management in the form of authorization. A certain level of expertise is required to implement authorization when dealing with a monolithic stack. However, with a decoupled system, you avoid the necessity — and cost — of hiring experts by delegating this core work to a third-party system. The use of a decoupled system thus improves the development process and allows for more efficient use of resources.
Choosing to incorporate an external component as a core contributor to your application’s functionality will likely be a long-term decision. If you have to move away from a component later in your application’s journey, it can cost a lot, especially when you weren’t planning on doing so. To prevent that from happening, you should perform a few simple checks first.
If you’re going to use a proprietary component, you need to consider the cost of getting locked in and be sure the component is fully dependable. This is particularly important if you are outsourcing a core service such as authorization to a third party. You’ll want to check that the component you’re considering has the right features and that it’s actively developed to cater to a variety of customer requirements.
For an open source component, you should check whether the project has a strong community, a well-defined public roadmap, clear documentation and frequent and stable releases. Verifying these things will give you an indication of the overall maturity of the product. On top of that, vanity metrics like GitHub repository stars, forks, etc., can be good indicators of a project’s popularity.
Customizability is one of the most critical aspects in choosing a component for your application, especially when multiple services in your application are going to interact with that component. The more flexibility your third-party components have, the more flexibility you’ll have in architecting and evolving your application over time.
If the company behind a component has well-defined open standards, it can be a good indicator that its components will be flexible and customizable. Open standards compel companies to consider use cases that resonate across multiple industries and domains, which, in turn, drives them to make a component that is flexible enough to meet a wide range of requirements. To make the best out of any third-party component, ensure that it is customizable enough to cater to your current and future needs.
When building applications that deal with critical data, you should ensure that any external components you use in your decoupled application are secure, have the relevant certifications and are compliance-ready. These checks will not only lay a strong foundation for your application but also encourage trust among your customers.
Lastly, you should vet the components to ensure they fit your requirements. Check for the component features you need to seamlessly integrate with different services of your application, especially if you’re partially or fully rearchitecting a monolithic legacy application. Migration and implementation case studies might be of great help here. If you’re considering integrating a third-party component that interacts with your application’s other components, thorough vetting is vital.
Authorization is a core service required by every web application. Although you can implement it yourself, you don’t have to reinvent the wheel. This is a particular area where you can benefit from the expertise of an open source product like Cerbos, which centrally manages authorization for all the components and services of your decoupled application. Cerbos helps you prevent the dispersion of custom authorization logic across your application by managing the logic in one place. Whether it is role-based access control, attribute-based access control or any other access control policy pattern, you can implement it with Cerbos.
The article was first available on The New Stack - read it here.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team